~ubuntu-branches/ubuntu/quantal/apache2/quantal

Viewing changes to debian/patches/085_CVE-2011-3607.dpatch

Committer: Package Import Robot
Author(s): Chuck Short
Date: 2011-12-09 05:20:43 UTC
mfrom: (14.3.31 sid)
Revision ID: package-import@ubuntu.com-20111209052043-ueqp28b9fconxxg1

Tags: 2.2.21-3ubuntu1

* Merge from Debian testing.  Remaining changes:
  - debian/{control, rules}: Enable PIE hardening.
  - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
  - debian/control: Add bzr tag and point it to our tree
  - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
  - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
    Plymouth aware passphrase dialog program ask-for-passphrase.

files added:
debian/patches/084_CVE-2011-4317.dpatch

debian/patches/085_CVE-2011-3607.dpatch

files modified:
debian/changelog

debian/control

debian/convert_docs

debian/patches/00list

debian/suexec.8

Show diffs side-by-side

added added

removed removed

debian/patches/085_CVE-2011-3607.dpatch

#! /bin/sh /usr/share/dpatch/dpatch-run

## 085_CVE-2011-3607.dpatch by Stefan Fritsch <sf@debian.org>

## All lines beginning with `## DP:' are a description of the patch.

## DP: Fix integer overflow, based on upstream r1198940

@DPATCH@

diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' trunk~/server/util.c trunk/server/util.c

--- trunk~/server/util.c 2011-05-19 04:17:37.000000000 +0200

+++ trunk/server/util.c 2011-12-03 18:46:39.875941529 +0100

@@ -366,7 +366,7 @@

char *dest, *dst;

char c;

size_t no;

- int len;

+ apr_size_t len;

if (!source)

return NULL;

@@ -391,6 +391,8 @@

len++;

}

else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {

+ if (APR_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so)

+ return APR_ENOMEM;

len += pmatch[no].rm_eo - pmatch[no].rm_so;

}

Older »